Tanium has expanded its partnership with Google Cloud to help organizations accelerate the transformation to distributed business operations. This new offering, sold by Tanium, will help enterprises detect, investigate, and scope advanced, long-lived attacks, and includes an integration between Tanium’s Threat Response and Chronicle, Google Cloud’s security analytics platform.
According to research from Booz Allen Hamilton, the average dwell time for APTs in the enterprise hovers between 200 and 250 days. The longer these threats go undetected, the further they are able to spread, and the more investigation is required to remediate them successfully.
Even as the average dwell time drops across attack vectors, APTs continue to evade traditional defenses, compromising systems and data across an enterprise. The overall acceleration toward more distributed workforces and cloud computing expands the attack surface as more endpoints run outside of traditional network perimeters and defenses.
“With Tanium and Google Cloud, customers don’t have to make difficult tradeoffs between the quality, breadth, timeliness, or storage cost of their security telemetry,” said Sunil Potti, General Manager and Vice President of Cloud Security at Google Cloud. “Advanced persistent threats require a sophisticated approach to detection and response. That starts at the endpoint, where most compromise activities begin. With telemetry sourced from Tanium’s comprehensive endpoint security approach, customers have the data they need to detect and investigate post-compromise activity to accelerate remediation and prevent future intrusion.”
“The joint solution with Chronicle gives Tanium customers access to massively scalable analytics and investigation capabilities far beyond that of other endpoint detection and response point tools,” said Orion Hindawi, co-founder and co-CEO of Tanium. “This integration enables our customers to investigate APTs and other threats from the moment of detection back to the moment of compromise for comprehensive response and remediation.”
Through the integration between Chronicle security analytics and Tanium’s unified endpoint security, joint customers can now:
Proactively hunt threats: For the first time, security teams can rapidly and proactively hunt threats both live and across an entire year of endpoint activity. High-fidelity, real-time security telemetry from Tanium combines with analytics and cloud-scale data capacity from Chronicle to deliver high-speed search and unparalleled cyber forensics capability.
Accelerate incident response and remediation: Unlike competing solutions that deliver threat detection with limited lookback or reduced data quality, Tanium and Chronicle provide the historical data required to investigate, scope and further remediate advanced persistent threats. With Chronicle, customers can correlate up to one year of data gathered from the Tanium platform’s sophisticated endpoint telemetry and network activity. This enriched dataset enables incident response teams to thoroughly investigate sustained, long-term attacks and take remediative action.
Reduce costs and increase productivity: Together, Chronicle and Tanium help increase security analyst efficiency and reduce costs associated with storage and point tool sprawl. With Tanium, organizations reduce or eliminate the need for endpoint security and management point solutions with a single agent architecture that provides detailed telemetry across endpoints everywhere. Chronicle provides cost-effective storage for that endpoint telemetry with zero data volume charges, as well as a simple user interface that lets security analysts instantly search that data for faster threat hunting and response.